Compartir a través de


2.2.2.2.9 DPAPI-NG Datum

 

The DPAPI-NG datum encapsulates the parameters necessary to decrypt a DPAPI-NG protector (ProtectorType of 0x0003).


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

EFSX_Datum

...

DpapiNgFlags

Data_Fields (variable)

...

EFSX_Datum (8 bytes): This field MUST be formatted as specified in section 2.2.2.2.2. The datum Type MUST be EFSX_TYPE_DPAPI_NG_DATA (0x0007). The datum Flags SHOULD include 0x0002, indicating a complex datum.

DpapiNgFlags (2 bytes): This field is reserved and SHOULD be set to 0x0000.

Data_Fields (variable): This field contains any number of nested EFSX_Datum structures. The nested datum structures MUST NOT overlap and MUST be entirely contained within the DPAPI-NG datum. This field SHOULD contain at least one datum structure, each of which MUST be of type EFSX_TYPE_BLOB (0x0001), MUST have a Role of 0x0007, and MUST have BlobType of 0x0005.